[cabf_governance] Draft email on new Server Certificate Working Group for editing
Tim Hollebeek
tim.hollebeek at digicert.com
Tue Jul 3 05:26:24 MST 2018
Given how long I have already graciously waited, the fact that your position has no justification at all in the bylaws, and you blindsided me with it at the last minute?
Yes.
-Tim
From: Kirk Hall [mailto:Kirk.Hall at entrustdatacard.com]
Sent: Monday, July 2, 2018 8:03 PM
To: Tim Hollebeek <tim.hollebeek at digicert.com>; Jos Purvis (jopurvis) <jopurvis at cisco.com>; Ben Wilson <ben.wilson at digicert.com>; CA/Browser Forum Governance WG List <govreform at cabforum.org>
Subject: RE: [cabf_governance] Draft email on new Server Certificate Working Group for editing
Tim, it’s fine if we disagree, but I don’t understand the angry tone. I take a different view for the reasons stated – I don’t think the WG can be said to be in operation before it meets and before it knows who its member are – but we are really talking about the difference between a July 3 official starting date and a July 12 official starting date. Is that really worth fighting about?
From: Tim Hollebeek [mailto:tim.hollebeek at digicert.com]
Sent: Monday, July 2, 2018 10:27 AM
To: Kirk Hall <Kirk.Hall at entrustdatacard.com <mailto:Kirk.Hall at entrustdatacard.com> >; Jos Purvis (jopurvis) <jopurvis at cisco.com <mailto:jopurvis at cisco.com> >; Ben Wilson <ben.wilson at digicert.com <mailto:ben.wilson at digicert.com> >; CA/Browser Forum Governance WG List <govreform at cabforum.org <mailto:govreform at cabforum.org> >
Subject: [EXTERNAL]RE: [cabf_governance] Draft email on new Server Certificate Working Group for editing
My problem is your position (highlighted) has no support in the Bylaws, and no one ever made any such suggestion in any of the governance reform meetings over the course of a year. I know because I attended and participated in most of them.
The Bylaws also do not state that declarations of participation are subject to ratification or can be objected to. There is a mechanism for challenging membership stated in the Bylaws, and that isn’t it.
It would be much more useful to take a position that does not introduce yet another completely unnecessary delay. My patience is stretched beyond its breaking point on this one.
-Tim
From: Kirk Hall [mailto:Kirk.Hall at entrustdatacard.com]
Sent: Monday, July 2, 2018 1:15 PM
To: Tim Hollebeek <tim.hollebeek at digicert.com <mailto:tim.hollebeek at digicert.com> >; Jos Purvis (jopurvis) <jopurvis at cisco.com <mailto:jopurvis at cisco.com> >; Ben Wilson <ben.wilson at digicert.com <mailto:ben.wilson at digicert.com> >; CA/Browser Forum Governance WG List <govreform at cabforum.org <mailto:govreform at cabforum.org> >
Subject: RE: [cabf_governance] Draft email on new Server Certificate Working Group for editing
Our point of disagreement is that while the SCWG was chartered and we have new Bylaws to govern WGs as of tomorrow, I don’t think the SCWG actually is in operation until we hold an organizational meeting, which will be July 12. That’s also the first date when we can all agree on who is a member/participant in the newly organized WG – I will ask if there are any objections to the people who say they are participants actually being participants (do they qualify, have they signed IPRA).
If you want to post a new SCWG Ballot before the first meeting of the WG on July 12, I guess you can - but my strong preference is that no ballot that you post has a discussion period that ends sooner than July 19, so there will be no future disputes on whether the ballot meets the 7 day minimum discussion period and is/is not a valid ballot.
From: Tim Hollebeek [mailto:tim.hollebeek at digicert.com]
Sent: Monday, July 2, 2018 9:03 AM
To: Kirk Hall <Kirk.Hall at entrustdatacard.com <mailto:Kirk.Hall at entrustdatacard.com> >; Jos Purvis (jopurvis) <jopurvis at cisco.com <mailto:jopurvis at cisco.com> >; Ben Wilson <ben.wilson at digicert.com <mailto:ben.wilson at digicert.com> >; CA/Browser Forum Governance WG List <govreform at cabforum.org <mailto:govreform at cabforum.org> >
Subject: [EXTERNAL]RE: [cabf_governance] Draft email on new Server Certificate Working Group for editing
I disagree about the need for a credentialing process, but that’s minor. I don’t really care how the procedures work as long as they achieve the goal, without undue red tape.
To be clear, while I think the Bylaws are clear I have the right to post a ballot, I don’t intend to hold a VOTE before the first meeting … I just think that ballot discussions running concurrently with the period between now and then is clearly allowed. The suspension of ballot progress before July 3 was purely voluntary and probably even unnecessary. It’s pretty clear the SC WG will exist and can operate under the Bylaws as of tomorrow, and that DigiCert signed the new IPR and has declared its intention to participate (I’ll declare again tomorrow just be crystal clear) and is therefore a member, and can do normal member things like posting ballots for discussion.
-Tim
From: Kirk Hall [mailto:Kirk.Hall at entrustdatacard.com]
Sent: Monday, July 2, 2018 11:22 AM
To: Tim Hollebeek <tim.hollebeek at digicert.com <mailto:tim.hollebeek at digicert.com> >; Jos Purvis (jopurvis) <jopurvis at cisco.com <mailto:jopurvis at cisco.com> >; Ben Wilson <ben.wilson at digicert.com <mailto:ben.wilson at digicert.com> >; CA/Browser Forum Governance WG List <govreform at cabforum.org <mailto:govreform at cabforum.org> >
Subject: RE: [cabf_governance] Draft email on new Server Certificate Working Group for editing
I think we are in total agreement, and I’m not sure where the uncertainty has come from. I said on the last two CABF teleconference that as soon as the Bylaws take effect (which is tomorrow) I intend to send a message on the Public list asking all Members who are interested in participating in the SCWG to declare their interest by signing up on the wiki. My message will also call the first meeting for the teleconference on July 12. Participants must also have signed the new IPRA v1.3. Doing this before July 3 is a bit problematic, as the Bylaws to allow some of these steps may not exist yet.
On that July 12 call, we can do a quick roll call to see who is there, and there will be an opportunity to challenge anyone we think does not qualify for membership/participation (e.g., not really a CA or browser, hasn’t signed the IPRA – unlikely). If there are people on the call who have not previously declared themselves, we can add them to the SCWG on the spot, and list them on the wiki later. We can then proceed to business during that call. This is more or less how state legislatures and the Congress get started – a call to meet, displaying “credentials” (here, declaration of intent to participate and proof of qualification), then get started.
Are we in disagreement about anything?
From: Tim Hollebeek [mailto:tim.hollebeek at digicert.com]
Sent: Monday, July 2, 2018 6:54 AM
To: Kirk Hall <Kirk.Hall at entrustdatacard.com <mailto:Kirk.Hall at entrustdatacard.com> >; Jos Purvis (jopurvis) <jopurvis at cisco.com <mailto:jopurvis at cisco.com> >; Ben Wilson <ben.wilson at digicert.com <mailto:ben.wilson at digicert.com> >; CA/Browser Forum Governance WG List <govreform at cabforum.org <mailto:govreform at cabforum.org> >
Subject: [EXTERNAL]RE: [cabf_governance] Draft email on new Server Certificate Working Group for editing
No, they do not get to keep their membership status. And this is *not* about signing or not signing the IPR policy. The Bylaws are pretty clear on that case.
This is about the ambiguity about “declaring”, and what happens if you don’t declare. Right now, the consequences would be far more severe (termination and need for re-application by almost everyone, tomorrow). Would you to process complete membership applications for pretty much everyone?
The proposal is simply for the chair to define a declaration process that includes something along the lines of “declare now (here’s now), but if you signed the new IPR policy already, you have 60 days to declare WG participation with no unnecessary red tape”.
-Tim
From: Kirk Hall [mailto:Kirk.Hall at entrustdatacard.com]
Sent: Saturday, June 30, 2018 7:12 PM
To: Tim Hollebeek <tim.hollebeek at digicert.com <mailto:tim.hollebeek at digicert.com> >; Jos Purvis (jopurvis) <jopurvis at cisco.com <mailto:jopurvis at cisco.com> >; Ben Wilson <ben.wilson at digicert.com <mailto:ben.wilson at digicert.com> >; CA/Browser Forum Governance WG List <govreform at cabforum.org <mailto:govreform at cabforum.org> >
Subject: RE: [cabf_governance] Draft email on new Server Certificate Working Group for editing
To make sure I understand: you are proposing that July 3 is the deadline for signing the IPRA v1.3 agreement, but if a Member or Associate Member doesn’t do that, they keep their membership status another 60 days?
I had thought we agreed that after July 3, a non-signing Member dropped to Associate Member status, and a non-signing Associate Member lost all status.
Can you explain again why we would give another 60 day grace period?
If you are just saying “Give them 60 days to declare their participation”, do we really need that? If MegaCA is on the first SCWG call on July 12 but has not previously declared, why don’t we just treat their being on the call as their declaration, and add them to the list? (We can make sure by asking them on the call if they are choosing to participate.) If they are not on the July 12 call we can say they are not yet participants, but they can declare at any time after that and gain voting, etc. rights immediately.
From: Tim Hollebeek [mailto:tim.hollebeek at digicert.com]
Sent: Friday, June 29, 2018 3:59 AM
To: Jos Purvis (jopurvis) <jopurvis at cisco.com <mailto:jopurvis at cisco.com> >; Ben Wilson <ben.wilson at digicert.com <mailto:ben.wilson at digicert.com> >; CA/Browser Forum Governance WG List <govreform at cabforum.org <mailto:govreform at cabforum.org> >; Kirk Hall <Kirk.Hall at entrustdatacard.com <mailto:Kirk.Hall at entrustdatacard.com> >
Subject: [EXTERNAL]RE: [cabf_governance] Draft email on new Server Certificate Working Group for editing
You had the same idea I did 😊
I agree we should declare the process has a 60 day grace period for sorting out who is and is not a member, without dropping people.
-Tim
From: Jos Purvis (jopurvis) [mailto:jopurvis at cisco.com]
Sent: Thursday, June 28, 2018 5:01 PM
To: Ben Wilson <ben.wilson at digicert.com <mailto:ben.wilson at digicert.com> >; CA/Browser Forum Governance WG List <govreform at cabforum.org <mailto:govreform at cabforum.org> >; Tim Hollebeek <tim.hollebeek at digicert.com <mailto:tim.hollebeek at digicert.com> >; Kirk Hall <Kirk.Hall at entrustdatacard.com <mailto:Kirk.Hall at entrustdatacard.com> >
Subject: Re: [cabf_governance] Draft email on new Server Certificate Working Group for editing
Well, that’s the problem, isn’t it? We didn’t really leave ourselves an out on that one: under the current bylaws, everything should swap over on 3 July and they should all be terminated. This isn’t the ideal end-game, though. ☺ I was hoping to pre-emptively declare “yes, there wasn’t a mechanism to do this, now there is, please do so as fast as possible and we’ll be lenient about terminating anything”, but it’s true that that’s not strictly rules-adherent.
--
Jos Purvis (jopurvis at cisco.com <mailto:jopurvis at cisco.com> )
.:|:.:|:. cisco systems | Cryptographic Services
PGP: 0xFD802FEE07D19105 | +1 919.991.9114 (desk)
From: Ben Wilson <ben.wilson at digicert.com <mailto:ben.wilson at digicert.com> >
Date: Thursday, 28 June, 2018 at 14:56
To: "Jos Purvis (jopurvis)" <jopurvis at cisco.com <mailto:jopurvis at cisco.com> >, CA/BF Governance Reform List <govreform at cabforum.org <mailto:govreform at cabforum.org> >, Tim Hollebeek <tim.hollebeek at digicert.com <mailto:tim.hollebeek at digicert.com> >, Kirk Hall <Kirk.Hall at entrustdatacard.com <mailto:Kirk.Hall at entrustdatacard.com> >
Subject: RE: [cabf_governance] Draft email on new Server Certificate Working Group for editing
In what context do members have 60 days to declare participation in the SCWG?
From: Jos Purvis (jopurvis) <jopurvis at cisco.com <mailto:jopurvis at cisco.com> >
Sent: Thursday, June 28, 2018 2:47 PM
To: Ben Wilson <ben.wilson at digicert.com <mailto:ben.wilson at digicert.com> >; CA/Browser Forum Governance WG List <govreform at cabforum.org <mailto:govreform at cabforum.org> >; Tim Hollebeek <tim.hollebeek at digicert.com <mailto:tim.hollebeek at digicert.com> >; Kirk Hall <Kirk.Hall at entrustdatacard.com <mailto:Kirk.Hall at entrustdatacard.com> >
Subject: Re: [cabf_governance] Draft email on new Server Certificate Working Group for editing
I think that’s the correct process to declare participation (and I’ve added Cisco to the declaration page as well). It’s a really tight timeline for getting that done, though, so we may need to be more flexible about any membership changes due to lack of declaration for this transition period. Would it be reasonable to state that if IPRAs are not provided by 3 July, a company’s membership will be suspended (they’ve been warned about this one for weeks now), but companies will have 60 days to declare participation in the SCWG and may not submit votes on matters until they have declared their participation?
--
Jos Purvis (jopurvis at cisco.com <mailto:jopurvis at cisco.com> )
.:|:.:|:. cisco systems | Cryptographic Services
PGP: 0xFD802FEE07D19105 | +1 919.991.9114 (desk)
From: Govreform <govreform-bounces at cabforum.org <mailto:govreform-bounces at cabforum.org> > on behalf of CA/BF Governance Reform List <govreform at cabforum.org <mailto:govreform at cabforum.org> >
Reply-To: Ben Wilson <ben.wilson at digicert.com <mailto:ben.wilson at digicert.com> >, CA/BF Governance Reform List <govreform at cabforum.org <mailto:govreform at cabforum.org> >
Date: Thursday, 28 June, 2018 at 14:20
To: Tim Hollebeek <tim.hollebeek at digicert.com <mailto:tim.hollebeek at digicert.com> >, Kirk Hall <Kirk.Hall at entrustdatacard.com <mailto:Kirk.Hall at entrustdatacard.com> >, CA/BF Governance Reform List <govreform at cabforum.org <mailto:govreform at cabforum.org> >
Subject: Re: [cabf_governance] Draft email on new Server Certificate Working Group for editing
We need to have Server Certificate Working Group members or DigiCert and Entrust will be the only CABF members on July 3 . I think that we need to send out an email telling people how they become members of the Working Group. The Bylaws state, “[they must] have formally declared their participation in the CWG via the mechanism designated by the Forum prior to attending.”
But has the Forum designated the mechanism?
I was thinking members should be required to:
1. email the public list (or alternatively email the WG chair and vice-chair) and formally declare their participation in the Server Certificate Working Group;
2. subscribe to the mailing list - https://cabforum.org/mailman/listinfo/servercert-wg; and
3. list their names here https://cabforum.org/wiki/Server%20Certificate%20Working%20Group as follows:
The following have formally declared their participation in the Server Certificate Working Group:
Name
Date of Declaration
Date of Withdrawal
Digicert, Inc.
28 June 2018
Thoughts? Should I send this to the Management list and then follow up by sending this to the Public list?
Ben
From: Tim Hollebeek
Sent: Thursday, June 14, 2018 8:01 AM
To: Kirk Hall <Kirk.Hall at entrustdatacard.com <mailto:Kirk.Hall at entrustdatacard.com> >; CA/Browser Forum Governance WG List <govreform at cabforum.org <mailto:govreform at cabforum.org> >; Ben Wilson <ben.wilson at digicert.com <mailto:ben.wilson at digicert.com> >
Subject: RE: [cabf_governance] Draft email on new Server Certificate Working Group for editing
This is the point I raised at the end of the call. I think we may need to wait until July 3 to start transition actions, just so that it is clear that the new bylaws are in effect.
However this does not prevent us from discussing what those actions are in advance, so that we can proceed rapidly with them at the appropriate time. This could include having a draft ballot of the election procedures that could be submitted as SCWG Ballot 1.
-Tim
I agree that the SCWG itself exists now, and you and I are Vice Chair and Chair, but we have no enumerated powers to start anything until July 3 – so maybe we rephrase the message that way, and again do nothing until July 3.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cabforum.org/pipermail/govreform/attachments/20180703/ed229592/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4940 bytes
Desc: not available
URL: <http://cabforum.org/pipermail/govreform/attachments/20180703/ed229592/attachment-0001.p7s>
More information about the Govreform
mailing list